CSCI 454/554 Computer and Network Security. Instructor: Dr. Kun Sun

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "CSCI 454/554 Computer and Network Security. Instructor: Dr. Kun Sun"

Transcription

1 CSCI 454/554 Computer and Network Security Instructor: Dr. Kun Sun

2 About Instructor Dr. Kun Sun, Assistant Professor of Computer Science Phone: (757) Office: McGrothlin-Street Hall, 105 Office hours 2:00pm-3:15pm MW, or by appointment (send me ) 2

3 About TA Wenting Tan Office: : McGrothlin-Street Hall, 107-A Office Hour: by appointment (send ) 3

4 Course Objectives Understanding of basic issues, concepts, principles, and mechanisms in computer and network security. Basic security concepts Cryptography Authentication Kerberos IPsec and Internet key management SSL/TLS Firewall Be able to determine appropriate mechanisms for protecting networked systems. 4

5 Course Outline Basic Security Concepts Confidentiality, integrity, availability Security policies, security mechanisms, security assurance Cryptography Basic number theory Secret key cryptosystems Public key cryptosystems Hash function Key management 5

6 Course Outline (Cont d) Identification and Authentication Basic concepts of identification and authentication User authentication Authentication protocols 6

7 Course Outline (Cont d) Network and Distributed Systems Security Public Key Infrastructure (PKI) Kerberos IPsec IPsec key management SSL/TLS Firewalls 7

8 Course Outline (Cont d) Miscellaneous topics Evaluation of secure information systems Mobile security Cloud security Malicious software Security management 8

9 Project Research paper Survey paper Term Project See the class website for detailed requirement You are expected to explore issues beyond what s included in lectures by yourselves 9

10 What s Left Out? Hacking System configuration, O.S. internals Political, legal, regulatory Financial, economics Social, psychological, human factors Morals, ethics Operational, business procedures, logistics 10

11 Prerequisites Programming experience in Java and C is required Knowledge in data communication and networking CSCI

12 Required textbook Textbook Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd Edition, Prentice Hall, ISBN-13: , ISBN-10:

13 WWW page: On-line Resources csci454-s15/index.html For course materials, e.g., lecture slides, homework files, project, tools, etc. Will be updated frequently. So check frequently. 13

14 Grading CSCI 454 Homework assignments 25% Term project: 10% Midterm exam: 30% Final exam: 35% CSCI 554 Homework assignments 20% Term project: 30% Midterm exam: 20% Final exam: 30% Note: you must use text editor (e.g. MS Word, latex) to complete your homework and project. Handwritten submissions are not accepted. 14

15 Policies on late assignments Homework and project deadlines will be hard. Late homework will be accepted with a 10% reduction in grade for each day they are late by. Once a homework assignment is discussed in class, submissions will no longer be accepted. 15

16 Policies on Absences and Makeup You may be excused from an exam only with a university approved condition, with proof. For example, if you cannot take an exam because of a sickness, we will need a doctor's note. Events such as going on a business trip or attending a brother's wedding are not an acceptable excuse for not taking an exam at its scheduled time and place. You will have one chance to take a makeup exam if your absence is excused. There will be no makeup for homework assignments. 16

17 Academic Integrity The university, college, and department policies against academic dishonesty will be strictly enforced. Honor code Students are required to follow William and Mary's Honor System, as described in the student handbook. 17

18 Check the website for details! 18

19 CSCI 454/554 Computer and Network Security Topic #1. Basic Security Concepts

20 Why This Course? Symantec Internet Security Threat Report

21 Why This Course? Increased volume of security incidents Security threats Malware: Virus, worm, spyware Spam Botnet DDoS attacks Phishing Cross-site scripting (XSS) 21

22 Contributing Factors Lack of awareness of threats and risks of information systems Security measures are often not considered until an Enterprise has been penetrated by malicious users The situation is getting better, but (Historical) Reluctance to invest in security mechanisms The situation is improving Example: Windows 95! Windows 2000! Windows XP! Windows Vista! Windows 7! Windows 8 But there exists legacy software Wide-open network policies Many Internet sites allow wide-open Internet access 22

23 Contributing Factors (Cont d) Lack of security in TCP/IP protocol suite Most TCP/IP protocols not built with security in mind Work is actively progressing within the Internet Engineering Task Force (IETF) Complexity of security management and administration Security is not just encryption and authentication Software vulnerabilities Example: buffer overflow vulnerabilities We need techniques and tools to better software security Hacker skills keep improving Cyber warfare 23

24 Security Objectives Confidentiality (Secrecy) Integrity Availability (Denial of Service) 24

25 Security Objectives (CIA) Confidentiality Prevent/detect/deter improper disclosure of information Integrity Prevent/detect/deter improper modification of information Availability Prevent/detect/deter improper denial of access to services provided by the system These objectives have different specific interpretations in different contexts 25

26 Commercial Example Confidentiality An employee should not come to know the salary of his manager Integrity An employee should not be able to modify the employee's own salary Availability Paychecks should be printed on time as stipulated by law 26

27 Military Example Confidentiality The target coordinates of a missile should not be improperly disclosed Integrity The target coordinates of a missile should not be improperly modified Availability When the proper command is issued the missile should fire 27

28 A Fourth Objective Securing computing resources Prevent/ detect/deter improper use of computing resources including Hardware Resources Software resources Data resources Network resources 28

29 Achieving Security Security policy What? Security mechanism How? Security assurance How well? 29

30 Security Policy Organizational Policy Automated Information System Policy 30

31 Compusec + Comsec = Infosec Compsec Security Comsec Computers Communications Infosec 31

32 Security Mechanisms In general three types Prevention Example: Access control Detection Example: Auditing and intrusion detection Tolerance Example: Byzantine agreement Good prevention and detection both require good authentication as a foundation 32

33 Security Mechanisms (Cont d) Prevention is more fundamental Detection seeks to prevent by threat of punitive action Detection requires that the audit trail be protected from alteration Sometime detection is the only option, e.g., Accountability in proper use of authorized privileges Modification of messages in a network Security functions are typically made available to users as a set of security services Cryptography underlies (almost) all security mechanisms 33

34 Security Services Security functions are typically made available to users as a set of security services through APIs or integrated interfaces Confidentiality: protection of any information from being exposed to unintended entities. Information content. Parties involved. Where they are, how they communicate, how often, etc. Authentication: assurance that an entity of concern or the origin of a communication is authentic - it s what it claims to be or from Integrity: assurance that the information has not been tampered with 34

35 Security Services (Cont d) Non-repudiation: offer of evidence that a party is indeed the sender or a receiver of certain information Access control: facilities to determine and enforce who is allowed access to what resources, hosts, software, network connections Monitor & response: facilities for monitoring security attacks, generating indications, surviving (tolerating) and recovering from attacks 35

36 Security Assurance How well your security mechanisms guarantee your security policy Everyone wants high assurance High assurance implies high cost May not be possible Trade-off is needed 36

37 Security by Obscurity Security by obscurity If we hide the inner workings of a system it will be secure Less and less applicable in the emerging world of vendor-independent open standards Less and less applicable in a world of widespread computer knowledge and expertise 37

38 Security by Legislation Security by legislation says that if we instruct our users on how to behave we can secure our systems For example Users should not share passwords Users should not write down passwords Users should not type in their password when someone is looking over their shoulder User awareness and cooperation is important, but cannot be the principal focus for achieving security 38

39 Security Tradeoffs Security Functionality COST Ease of Use 39

40 Threat-Vulnerability-Risk Threats Possible attacks on the system Vulnerabilities Weaknesses that may be exploited to cause loss or harm Risk A measure of the possibility of security breaches and severity of the ensuing damage Requires assessment of threats and vulnerabilities 40

41 Threat Model and Attack Model Threat model and attack model need to be clarified before any security mechanism is developed Threat model Assumptions about potential attackers Describes the attacker s capabilities Attack model Assumptions about the attacks Describe how attacks are launched 41

42 Risk Management Risk analysis NIST Common Vulnerability Scoring System (CVSS) Mathematical formulae and computer models can be developed, but the parameters are difficult to estimate. Risk reduction Attack surface, Attack graph Risk acceptance Certification Technical evaluation of a system's security features with respect to how well they meet a set of specified security requirements Accreditation The management action of approving an automated system, perhaps with prescribed administrative safeguards, for use in a particular environment 42

CIS 6930/4930 Computer and Network Security. Dr. Yao Liu

CIS 6930/4930 Computer and Network Security. Dr. Yao Liu CIS 6930/4930 Computer and Network Security Dr. Yao Liu About Instructor Dr. Yao Liu, Office: ENB 336 Phone: 813-974-1079 Email: yliu@cse.usf.edu URL: http://www.cse.usf.edu/~yliu/ Office hour: TR 2:00pm

More information

CSC 474 Information Systems Security

CSC 474 Information Systems Security CSC 474 Information Systems Security Introduction About Instructor Dr. Peng Ning, assistant professor of computer science http://www.csc.ncsu.edu/faculty/ning pning@ncsu.edu (919)513-4457 Office: Room

More information

CSE 5392 Sensor Network Security

CSE 5392 Sensor Network Security About Instructor CSE 5392 Sensor Network Security Course Introduction Dr. Donggang Liu, assistant professor, CSE department http://ranger.uta.edu/~dliu dliu@cse.uta.edu Tel: (817) 272-0741 Office: 330NH

More information

CNT5412/CNT4406 Network Security. Course Introduction. Zhenhai Duan

CNT5412/CNT4406 Network Security. Course Introduction. Zhenhai Duan CNT5412/CNT4406 Network Security Course Introduction Zhenhai Duan 1 Instructor Professor Zhenhai Duan (duan@cs.fsu.edu) Office: 162 LOV Office hours: 1:00PM to 2:00PM, T/Th Or by appointment Email: duan@cs.fsu.edu

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

CSCI 4541/6541: NETWORK SECURITY

CSCI 4541/6541: NETWORK SECURITY 1 CSCI 4541/6541: NETWORK SECURITY COURSE INFO CSci 4541/6541 Tuesdays 6:10pm 8:40pm Bell Hall 108 Office Hours: Tuesdays 2:30pm 4:30pm Dr. Nan Zhang Office: SEH 4590 Phone: (202) 994-5919 Email: nzhang10

More information

CS 450/650 Fundamentals of Integrated Computer Security

CS 450/650 Fundamentals of Integrated Computer Security CS 450/650 Fundamentals of Integrated Computer Security Course Information Department of Computer Science & Engineering UNR, Fall 2014 Class hours Tuesday & Thursday, 1:00 2:15am @ PE 101 Instructor E

More information

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶 Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course

More information

Weighted Total Mark. Weighted Exam Mark

Weighted Total Mark. Weighted Exam Mark CMP4103 Computer Systems and Network Security Period per Week Contact Hour per Semester Weighted Total Mark Weighted Exam Mark Weighted Continuous Assessment Mark Credit Units LH PH TH CH WTM WEM WCM CU

More information

Department of Computer & Information Sciences. INFO-450: Information Systems Security Syllabus

Department of Computer & Information Sciences. INFO-450: Information Systems Security Syllabus Department of Computer & Information Sciences INFO-450: Information Systems Security Syllabus Course Description This course provides a deep and comprehensive study of the security principles and practices

More information

CSCI 4250/6250 Fall 2015 Computer and Network Security. Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu

CSCI 4250/6250 Fall 2015 Computer and Network Security. Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu CSCI 4250/6250 Fall 2015 Computer and Network Security Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu CSCI 4250/6250! What is the purpose of this course?! Combined Undergrad/Graduate Intro to Computer

More information

Boston University MET CS 690. Network Security

Boston University MET CS 690. Network Security Boston University MET CS 690 Network Security Course Overview This course will cover advanced network security issues and solutions. The main focus on the first part of the course will be on Security basics,

More information

RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education

RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education COURSE OF STUDY 2015-2016 (C)ITM 820 - Information Systems Security and Privacy

More information

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification 1. Module Title Information Security 2. Module Code: CS403INS 3. Module Level - Forth Stage 4. Module Leader Safwan M. 5. Teaching Semester 7 and 8 Soran University Faculty of Science and Engineering Computer

More information

Passing PCI Compliance How to Address the Application Security Mandates

Passing PCI Compliance How to Address the Application Security Mandates Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

Security Goals Services

Security Goals Services 1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;

More information

CSE343/443 Lehigh University Fall 2015. Course Overview. Presenter: Yinzhi Cao Lehigh University

CSE343/443 Lehigh University Fall 2015. Course Overview. Presenter: Yinzhi Cao Lehigh University CSE343/443 Lehigh University Fall 2015 Course Overview Presenter: Yinzhi Cao Lehigh University Who am I? Yinzhi Cao It is kinda like [yihn jee] [chow] If you feel that it is really difficult, call me Ian.

More information

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013 City University of Hong Kong Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 01/013 Part I Course Title: Course Code: Course Duration: Cryptography

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

CSC574 - Computer and Network Security Module: Introduction

CSC574 - Computer and Network Security Module: Introduction CSC574 - Computer and Network Security Module: Introduction Prof. William Enck Spring 2013 1 Some bedtime stories 2 Some bedtime stories 2 Some bedtime stories 2 Some bedtime stories 2 This course We are

More information

BBM 461: SECURE PROGRAMMING INTRODUCTION. Ahmet Burak Can

BBM 461: SECURE PROGRAMMING INTRODUCTION. Ahmet Burak Can BBM 461: SECURE PROGRAMMING INTRODUCTION 1 Ahmet Burak Can COURSE MATERIAL Counter Hack Reloaded:A Step-by- Step Guide to Computer Attacks and Effective Defenses, Edward Skoudis, Tom Liston, Prentice Hall

More information

Network Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access

Network Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access Roadmap Introduction Network services X.800 RFC 2828 Players Marco Carli Conclusions 2 Once.. now: Centralized information Centralized processing Remote terminal access Distributed information Distributed

More information

CSE331: Introduction to Networks and Security. Lecture 1 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 1 Fall 2006 CSE331: Introduction to Networks and Security Lecture 1 Fall 2006 Basic Course Information Steve Zdancewic lecturer Web: http://www.cis.upenn.edu/~stevez E-mail: stevez@cis.upenn.edu Office hours: Tues.

More information

Security + Certification (ITSY 1076) Syllabus

Security + Certification (ITSY 1076) Syllabus Security + Certification (ITSY 1076) Syllabus Course: ITSY 1076 Security+ 40 hours Course Description: This course is targeted toward an Information Technology (IT) professional who has networking and

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

Lecture 1 - Overview

Lecture 1 - Overview Lecture 1 - Overview CMPSC 443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ From small vulnerabilities come... 2 People are part of

More information

Textbooks: Matt Bishop, Introduction to Computer Security, Addison-Wesley, November 5, 2004, ISBN 0-321-24744-2.

Textbooks: Matt Bishop, Introduction to Computer Security, Addison-Wesley, November 5, 2004, ISBN 0-321-24744-2. CSET 4850 Computer Network Security (4 semester credit hours) CSET Elective IT Elective Current Catalog Description: Theory and practice of network security. Topics include firewalls, Windows, UNIX and

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

HARFORD COMMUNITY COLLEGE 401 Thomas Run Road Bel Air, MD 21015 Course Outline

HARFORD COMMUNITY COLLEGE 401 Thomas Run Road Bel Air, MD 21015 Course Outline HARFORD COMMUNITY COLLEGE 401 Thomas Run Road Bel Air, MD 21015 Course Outline CIS 210 COURSE NUMBER: CIS 210 COURSE NAME: MEETING PLACE: Random On-Line DIVISION: Business, Computing & Applied Technology

More information

EECS 588: Computer and Network Security. Introduction January 14, 2014

EECS 588: Computer and Network Security. Introduction January 14, 2014 EECS 588: Computer and Network Security Introduction January 14, 2014 Today s Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components of your grade

More information

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus Department of Computer & Information Sciences CSCI-445: Computer and Network Security Syllabus Course Description This course provides detailed, in depth overview of pressing network security problems

More information

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系 資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系 Outline Infosec, COMPUSEC, COMSEC, and Network Security Why do we need Infosec and COMSEC? Security

More information

CPSC 467: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 1 September 2, 2015 CPSC 467, Lecture 1 1/13 Protecting Information Information security Security principles Crypto as a security

More information

MW 515-545, TU 1-3; and other times by appointment

MW 515-545, TU 1-3; and other times by appointment CSUS, COLLEGE OF ENGINEERING AND COMPUTER SCIENCE Department of Computer Science CSC 154 - Computer System Attacks and Countermeasures/ C Sc 254 Network Security (MW 7-8:15p; RVR 1008), Fall 2013 Instructor:

More information

Module: Introduction. Professor Trent Jaeger Fall 2010. CSE543 - Introduction to Computer and Network Security

Module: Introduction. Professor Trent Jaeger Fall 2010. CSE543 - Introduction to Computer and Network Security CSE543 - Introduction to Computer and Network Security Module: Introduction Professor Trent Jaeger Fall 2010 1 Some bedtime stories 2 This course We are going to explore why these events are not isolated,

More information

CS 5490/6490: Network Security Fall 2015

CS 5490/6490: Network Security Fall 2015 CS 5490/6490: Network Security Fall 2015 Professor Sneha Kumar Kasera School of Computing 1 What is this course about? Comprehensive introduction to network security Ø learn principles of network security

More information

White Paper. Guide to PCI Application Security Compliance for Merchants and Service Providers

White Paper. Guide to PCI Application Security Compliance for Merchants and Service Providers White Paper Guide to PCI Application Security Compliance for Merchants and Service Providers Contents Overview... 3 I. The PCI DSS Requirements... 3 II. Compliance and Validation Requirements... 4 III.

More information

Professor s Contact Information Office Phone 972 883 2337 Other Phone n/a Office Location ECS South 4.207 Email Address

Professor s Contact Information Office Phone 972 883 2337 Other Phone n/a Office Location ECS South 4.207 Email Address Course CS 6349 001 Network Security Professor Dr. Kamil Sarac Term Fall 2014 Meetings Monday/Wednesday at 11:30am in ECS South 2.203 Professor s Contact Information Office Phone 972 883 2337 Other Phone

More information

Juniper Networks Secure

Juniper Networks Secure White Paper Juniper Networks Secure Development Lifecycle Six Practices for Improving Product Security Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3

More information

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Copyright Elevate Consult LLC. All Rights Reserved 1 Presenter Ray Guzman MBA, CISSP, CGEIT, CRISC, CISA Over 25

More information

Information Security and Privacy

Information Security and Privacy IS 2150 / TEL 2810 Information Security and Privacy James Joshi Associate Professor, SIS Introduction Aug 28, 2013 1 Contact Instructor: James B. D. Joshi 706A, IS Building Phone: 412-624-9982 E-mail:

More information

CSUS COLLEGE OF ENGINEERING AND COMPUTER SCIENCE Department of Computer Science (RVR 3018; 278-4238/6834)

CSUS COLLEGE OF ENGINEERING AND COMPUTER SCIENCE Department of Computer Science (RVR 3018; 278-4238/6834) CSUS COLLEGE OF ENGINEERING AND COMPUTER SCIENCE Department of Computer Science (RVR 3018; 278-4238/6834) C Sc 250 Computer Security and Privacy, Spring 2012 (TR 4-5:15p; RVR 2010) INSTRUCTOR: Martin Nicholes

More information

Computer and Network Security

Computer and Network Security EECS 588 Computer and Network Security Introduction January 12, 2016 Alex Halderman Today s Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components

More information

Chap. 1: Introduction

Chap. 1: Introduction Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings Computer Security Principles and Practice Second Edition William Stailings Lawrie Brown University ofnew South Wales, Australian Defence Force Academy With Contributions by Mick Bauer Security Editor,

More information

Principles of Information Assurance Syllabus

Principles of Information Assurance Syllabus Course Number: Pre-requisite: Career Cluster/Pathway: Career Major: Locations: Length: 8130 (OHLAP Approved) Fundamentals of Technology or equivalent industry certifications and/or work experience. Information

More information

EECS 588: Computer and Network Security. Introduction

EECS 588: Computer and Network Security. Introduction EECS 588: Computer and Network Security Introduction January 13, 2014 Today s Cass Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components of your grade

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control Requirements Cyber Security For Suppliers Categorised as High Cyber Risk Cyber Security Requirement Description Why this is important 1. Asset Protection and System Configuration

More information

FORBIDDEN - Ethical Hacking Workshop Duration

FORBIDDEN - Ethical Hacking Workshop Duration Workshop Course Module FORBIDDEN - Ethical Hacking Workshop Duration Lecture and Demonstration : 15 Hours Security Challenge : 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once

More information

CIS 4204 Ethical Hacking Fall, 2014

CIS 4204 Ethical Hacking Fall, 2014 CIS 4204 Ethical Hacking Fall, 2014 Course Abstract: The purpose of this course is to provide a basic understanding of computing, networking, programming concepts, and exploitation techniques, as they

More information

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)

More information

Computer and Network Security

Computer and Network Security Computer and Network Security Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.LSU.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601_07/ Louisiana

More information

Introduction to Cyber Security / Information Security

Introduction to Cyber Security / Information Security Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be

More information

A Systems Engineering Approach to Developing Cyber Security Professionals

A Systems Engineering Approach to Developing Cyber Security Professionals A Systems Engineering Approach to Developing Cyber Security Professionals D r. J e r r y H i l l Approved for Public Release; Distribution Unlimited. 13-3793 2013 The MITRE Corporation. All rights reserved.

More information

CS 464/564 Networked Systems Security SYLLABUS

CS 464/564 Networked Systems Security SYLLABUS CS 464/564 Networked Systems Security SYLLABUS College: College of Science Department: Department of Computer Science Syllabus Title: CS 464/564 Networked Systems Security Call Number: 1. Meet the Professor

More information

CompTIA Security+ (Exam SY0-410)

CompTIA Security+ (Exam SY0-410) CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate

More information

Cryptography and Network Security Sixth Edition by William Stallings

Cryptography and Network Security Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 1 Overview The combination of space, time, and strength that must be considered as the basic elements of this theory of defense

More information

Need for Information Security, Understanding Information security trends and Improving Security

Need for Information Security, Understanding Information security trends and Improving Security Need for Information Security, Understanding Information security trends and Improving Security 10 th December, 2014 - Er. Sansar Jung Dewan At First: InfoSec Basics with the Five W s What is Information

More information

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 17 IT Security Controls, Plans and Procedures First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Implementing IT Security

More information

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. Ethical Hacking and Countermeasures Course Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.

More information

NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus

NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus CSCI - 440 Network Security and Perimeter Protection 3-0-3 CATALOG DESCRIPTION This

More information

Bellevue University Cybersecurity Programs & Courses

Bellevue University Cybersecurity Programs & Courses Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320

More information

E-Commerce Security and Fraud Protection CHAPTER 9

E-Commerce Security and Fraud Protection CHAPTER 9 E-Commerce Security and Fraud Protection CHAPTER 9 LEARNING OBJECTIVES 1. Understand the importance and scope of security of information systems for EC. 2. Describe the major concepts and terminology of

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

Loophole+ with Ethical Hacking and Penetration Testing

Loophole+ with Ethical Hacking and Penetration Testing Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,

More information

Information Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) Summary of Duties. Minimum Qualifications

Information Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) Summary of Duties. Minimum Qualifications Thomas K. Lee, Executive Director/CIO Human Resources Department (518) 447-2906 Information Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) The New York State

More information

CS 391-950 Ethical Hacking Spring 2016

CS 391-950 Ethical Hacking Spring 2016 CS 391-950 Ethical Hacking Spring 2016 Instructor: Shahriar Nick Rahimi Office: Faner 2136 Office Hours: MW 8:30 am-11 am Friday 10 am- 11 am E-Mail: nick@cs.siu.edu Course Web Site: https://online.siu.edu/

More information

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)

More information

CNT4406/5412 Network Security Introduction

CNT4406/5412 Network Security Introduction CNT4406/5412 Network Security Introduction Zhi Wang Florida State University Fall 2014 Zhi Wang (FSU) CNT4406/5412 Network Security Fall 2014 1 / 35 Introduction What is Security? Protecting information

More information

TCOM 562 Network Security Fundamentals

TCOM 562 Network Security Fundamentals TCOM 562 Network Security Fundamentals George Mason University Fall 2009 Jerry Martin Fairfax Campus Tel: (703) 993-3810 Email: gmartin@gmu.edu Office Hours: by appointment only 1. Announcements The class

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1 Cryptography and Network Security Chapter 1 Acknowledgments Lecture slides are based on the slides created by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

Security Defense Strategy Basics

Security Defense Strategy Basics Security Defense Strategy Basics Joseph E. Cannon, PhD Professor of Computer and Information Sciences Harrisburg University of Science and Technology Only two things in the water after dark. Gators and

More information

Major prerequisites by topic: Basic concepts in operating systems, computer networks, and database systems. Intermediate programming.

Major prerequisites by topic: Basic concepts in operating systems, computer networks, and database systems. Intermediate programming. Elective course in Computer Science University of Macau Faculty of Science and Technology Department of Computer and Information Science SFTW498 Information Security Syllabus 2nd Semester 2011/2012 Part

More information

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. March 19, 2015

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. March 19, 2015 Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan March 19, 2015 Network Security Reference Books Corporate Computer Security (3rd Edition)

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations. Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 0 Reader s s Guide The art of war teaches us to rely

More information

Master of Science in Information Systems & Security Management. Courses Descriptions

Master of Science in Information Systems & Security Management. Courses Descriptions Master of Science in Information Systems & Security Management Security Related Courses Courses Descriptions ISSM 530. Information Security. 1 st Semester. Lect. 3, 3 credits. This is an introductory course

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Course Introduction Pavel Laskov Wilhelm Schickard Institute for Computer Science Computer security in headlines Technische Universität B» Internet als Risikofaktor?»

More information

The Information Security Problem

The Information Security Problem Chapter 10 Objectives Describe the major concepts and terminology of EC security. Understand phishing and its relationship to financial crimes. Describe the information assurance security principles. Identify

More information

CS 458 / 658 Computer Security and Privacy. Course mechanics. Course website. Module 1 Introduction to Computer Security and Privacy.

CS 458 / 658 Computer Security and Privacy. Course mechanics. Course website. Module 1 Introduction to Computer Security and Privacy. CS 458 / 658 Computer Security and Privacy Module 1 Introduction to Computer Security and Privacy Spring 2013 Course mechanics Instructor: Ian Goldberg https://cs.uwaterloo.ca/ iang/ Office hours: Thursdays

More information

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11. Content 1.Introduction to Data and Network Security. 2. Why secure your Network 3. How Much security do you need, 4. Communication of network systems, 5. Topology security, 6. Cryptosystems and Symmetric

More information

Security Practices for Online Collaboration and Social Media

Security Practices for Online Collaboration and Social Media Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.

More information

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Third Edition by William Stallings Lecture slides by Shinu Mathew John http://shinu.info/ Chapter 1 Introduction http://shinu.info/ 2 Background Information Security requirements

More information

COMP-530 Cryptographic Systems Security *Requires Programming Background. University of Nicosia, Cyprus

COMP-530 Cryptographic Systems Security *Requires Programming Background. University of Nicosia, Cyprus COMP-530 Cryptographic Systems Security *Requires Programming Background University of Nicosia, Cyprus Course Code Course Title ECTS Credits COMP-530 Cryptographic Systems 10 Security Department Semester

More information

Cryptography and network security CNET4523

Cryptography and network security CNET4523 1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local

More information

Computer Security (EDA263 / DIT 641)

Computer Security (EDA263 / DIT 641) Computer Security (EDA263 / DIT 641) Lecture 1: Course introduction Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Sweden https://www.youtube.com/watch?v=kpyvenbpj5c

More information

Why Security Matters. Why Security Matters. 00 Overview 03 Sept 2015. CSCD27 Computer and Network Security. CSCD27 Computer and Network Security 1

Why Security Matters. Why Security Matters. 00 Overview 03 Sept 2015. CSCD27 Computer and Network Security. CSCD27 Computer and Network Security 1 CSCD27 Computer and Network Security Instructor: Alan Rosselet Office: IC-494 E-mail: rosselet @ utsc utoronto ca Web: http://www.utsc.utoronto.ca/~rosselet/cscd27/ 00 Overview CSCD27 Computer and Network

More information

Risk Management Guide for Information Technology Systems. NIST SP800-30 Overview

Risk Management Guide for Information Technology Systems. NIST SP800-30 Overview Risk Management Guide for Information Technology Systems NIST SP800-30 Overview 1 Risk Management Process that allows IT managers to balance operational and economic costs of protective measures and achieve

More information

CS 203 / NetSys 240. Network Security

CS 203 / NetSys 240. Network Security CS 203 / NetSys 240 Network Security Winter 2015 http://sconce.ics.uci.edu/203-w15/ 1 Contact Information Instructor: Gene Tsudik Email: gene.tsudik *AT* uci.edu Phone: (949) 824-43410 use only as the

More information

CNA 432/532 OSI Layers Security

CNA 432/532 OSI Layers Security CNA 432/532 OSI Layers Location: ECC 116 Days: Thursday Semester: Fall 2012 Times: 5:00-7:50 pm Professor: Dr. Amos Olagunju E-mail: aoolagunju@stcloudstate.edu Office Hrs: 3-4 MW, Office: ECC256 Other

More information

Penetration Testing Service. By Comsec Information Security Consulting

Penetration Testing Service. By Comsec Information Security Consulting Penetration Testing Service By Consulting February, 2007 Background The number of hacking and intrusion incidents is increasing year by year as technology rolls out. Equally, there is no hiding place your

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

Course mechanics. CS 458 / 658 Computer Security and Privacy. Course website. Additional communication

Course mechanics. CS 458 / 658 Computer Security and Privacy. Course website. Additional communication CS 458 / 658 Computer Security and Privacy Module 1 Introduction to Computer Security and Privacy Fall 2008 Course mechanics Instructor: Ian Goldberg Contact info: http://www.cs.uwaterloo.ca/ iang/ Office

More information

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 Table of Contents Introduction AMI Communication Architecture Security Threats Security

More information